Category

Burp 2: Application Login - 2nd authentication step

Andrej |
Last updated: Sep 03, 2018 07:30AM UTC

The New Login Credentials accept username and password. Would it be possible to introduce an optional 2nd authentication step, like PIN (with static value)? For example, user needs to fill in username+password, followed by PIN on 2nd page for authentication to be complete.

PortSwigger Agent |
Last updated: Sep 03, 2018 07:43AM UTC

Thanks for letting us know about this. To support this and other non-standard authentication flows, we're going to investigate providing a "record login" function.
In the meantime, unfortunately the new crawler is not able to cover this site.

Burp User |
Last updated: Sep 04, 2018 01:02PM UTC

That would be perfect! thanks:)

Rose, PortSwigger Agent |
Last updated: Sep 04, 2018 01:04PM UTC

This is still in our backlog. Unfortunately, we can't provide an ETA.

Burp User |
Last updated: May 13, 2019 02:57PM UTC

Any ETA for this feature ?

Burp User |
Last updated: Jul 02, 2019 11:34AM UTC

Hi support team, as Burp 2 is now out of beta, do you have any update on this "record login" feature?
Currently I am not able to crawl websites with complex authentication mechanisms (including more than one step) and I guess this feature would solve my issue.

Rose, PortSwigger Agent |
Last updated: Jul 02, 2019 12:04PM UTC

Volodia, unfortunately we still don't have an ETA on this.

Burp User |
Last updated: Oct 03, 2019 11:22AM UTC

Hello, is this feature being looked at for Professional and/or Enterprise edition?

Mike, PortSwigger Agent |
Last updated: Oct 04, 2019 09:13AM UTC

Hi Stijn, yes this feature is being evaluated for both versions of Burp Suite.

Burp User |
Last updated: Oct 04, 2019 07:15PM UTC

Any update on this feature?

Mike, PortSwigger Agent |
Last updated: Oct 07, 2019 09:58AM UTC

No updates on this to share at the moment, we will notify this thread when it gets released.